Release date:
Updated on: 2013-07-30
Affected Systems:
Microsoft Internet Explorer 6-10
Description:
--------------------------------------------------------------------------------
Bugtraq id: 61482
CVE (CAN) ID: CVE-2013-4015
Windows Internet Explorer (MSIE) is a web browser launched by Microsoft.
Microsoft Internet Explorer 6-10 sandbox has a security vulnerability that allows local users to bypass the Authorization Policy Check in the "protection mode" or "advanced protection mode" mechanism by executing the sandbox code, then, escalate the permission.
<* Source: Mark Yason
Link: http://xforce.iss.net/xforce/xfdb/85762
Http://technet.microsoft.com/security/bulletin/MS13-055
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Microsoft
---------
Microsoft has released a Security Bulletin (MS13-055) and patches for this:
MS13-055: Cumulative Security Update for Internet Explorer (2846071)
Link: http://technet.microsoft.com/security/bulletin/MS13-055